Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.… This article has been indexed…
Password Managers Vulnerable to Data Theft via Clickjacking
A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks. The post Password Managers Vulnerable to Data Theft via Clickjacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Why AI Agents and MCP Servers Just Became a CISO’s Most Urgent Priority
Over the last year, I’ve spent countless hours with CISOs, CTOs, and security architects talking about a new wave of technology that’s changing the game faster than anything we’ve seen before: Agentic AI and Model Context Protocol (MCP) servers. If…
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model, COOKIE SPIDER rents out this…
Google reveals how much energy a Gemini query uses – in industry first
AI is spiking energy demands. Here’s why Google’s report matters. This article has been indexed from Latest news Read the original article: Google reveals how much energy a Gemini query uses – in industry first
Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that…
Nearly 1M SSNs and Health Records Exposed in Marijuana Patient Database
Ohio Medical Alliance exposed a medical marijuana patient database containing 957,000 records, including SSNs, IDs, health files, and… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Nearly 1M…
Commvault Backup Suite Flaws Allow Attackers to Breach On-Premises Systems
Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution and compromise on-premises infrastructure. The flaws, discovered by Watchtowr Labs, represent a significant threat to…
Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension
Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have…
Colt Technology Services Breached – Warlock Gang Claims Attack
This week in cyber we’ve got a SaaS breach impacting Workday, a malicious ChatGPT app making the rounds, double trouble for telecom providers, and the takedown of a botnet-for-hire service. Cybersecurity Advisor Adam Pilton is here with useful insights on…
DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
DragonForce represents a sophisticated and rapidly evolving ransomware operation that has emerged as a significant threat in the cybersecurity landscape since late 2023. Operating under a Ransomware-as-a-Service (RaaS) model, this group has demonstrated exceptional adaptability by leveraging leaked ransomware builders…
UNC5518 Group Hacks Legitimate Websites to Inject Fake Captcha That Tricks Users to Execute Malware
A sophisticated cybercrime operation has emerged, targeting unsuspecting internet users through a deceptive social engineering technique that exploits one of the web’s most trusted security mechanisms. Since June 2024, the financially motivated threat group UNC5518 has been systematically compromising legitimate…
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171. The post Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Russian…
AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3 access protection…
Cybercriminal Linked to Notorious Scattered Spider Gang Gets 10-Year Sentence
Noah Urban, linked with the Scattered Spider cybercriminal gang, will also pay $13m in restitution to victims This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminal Linked to Notorious Scattered Spider Gang Gets 10-Year Sentence
IT Security News Hourly Summary 2025-08-21 12h : 3 posts
3 posts were published in the last hour 9:33 : 7 clever ways to automate your home with smart plugs 9:33 : NIST Unveils Guidelines to Help Spot Face Morphing Attempts 9:33 : “PromptFix” Attacks Could Supercharge Agentic AI Threats
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users…
AI crawlers and fetchers are blowing up websites, with Meta and OpenAI the worst offenders
One fetcher bot seen smacking a website with 39,000 requests per minute Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts…
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
As security professionals, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren’t from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of…
Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth
A campaign leverages CVE-2024-36401 to stealthily monetize victims’ bandwidth where legitimate software development kits (SDKs) are deployed for passive income. The post Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth appeared first on Unit 42. This…
The best password generators of 2025: Expert tested
While it’s easy to default to common, easy-to-guess passwords, a password generator can help you create complex, secure credentials. We’ll help you choose the best password generator to keep your online accounts safe. This article has been indexed from Latest…
Orange Belgium Data Breach Impacts 850,000 Customers
Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack. The post Orange Belgium Data Breach Impacts 850,000 Customers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Orange…
Orange Data Breach Raises SIM-Swapping Attack Fears
Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed This article has been indexed from www.infosecurity-magazine.com Read the original article: Orange Data Breach Raises SIM-Swapping Attack Fears
QUIC-LEAK Vulnerability Allows Attackers to Drain Server Memory and Cause DoS
Security researchers at Imperva have disclosed a critical pre-handshake memory exhaustion vulnerability in the widely-used LSQUIC QUIC implementation that enables remote attackers to crash servers through denial-of-service attacks. The flaw, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” bypasses standard QUIC connection-level protections…